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FD-320 (Rev. 4-11-86) 



In Reply, Please Refer to 


File No. 


FBI CASE STATUS FORM 


b3 

b7E 


Date: 01/22/1999 


T°: Honorable Richard H. Deane, Jr., 75 Spring Street, Atlanta, GA. 

3 0335 (Name and Address of USA) 

From: SAC Jack A. Daulton _ _ 

(Name of Official in Charge and Field Division) (Signature of Official in Charge) 

RE: UNSUB. - BELLSOUTH. NET-VICTIM: 


(Name of Subject) 


You are hereby advised of action authorized by AUSA | |___ 

(Name of USA or AUSA) 


on information submitted by Special Agent SA I 

(Name) 


Age 


Sex 


on 1/25/99 
(Date) 


b6 

b7C 


(Check One) 

X 

Request further investigation 

□ 

Immediate declination 

□ 

Filing of complaint 

□ 

Presentation to Federal Grand Jury 

□ 

Filing of information 

□ 

Other 


For violation of Title 


18 , USC, Section® 


1030 (a) (5) 


Synopsis of case: BellSouth.net has reported a denial of service attack 

affecting one of their clients, AmSouth Bank causing as yet a 
undetermined amount of money. The attacks came through UUNET and 
Cable Wireless and both ISP’s are aware of the attack. 


AUSA] 


was advised and he stated, 
this would be a violation if Title 18, Section 1030, 
would prosecute. 


if proven, 
for which he 


2 -US ATTORNEY ’S OFFICE 

i^sai r 1 



b7C 

b7E 







( 01 / 26 / 1998 ) 


FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date: 01/20/1999 

To: Atlanta 

From: Atlanta 

Squad 11 
Contact: SA 

Approved By: 


Drafted By: 

Case ID #: 

Title: UNSUB; 

BellSouth.net - Victim, 
AmSouth Bank - Victim; 
Denial of Service Attack, 


Synopsis: To Open Case. 

Details: BellSouth.net contacted writer and advised that they 

have been having a string of denial of service attacks affecting 
them as well as one of their clients, AmSouth Bank. The attack 
is coming in the form of a rapid mail spamming (approximately 40 
to 70 messages a minute for several days without stop. 

One of the ISP's used in this attack was UUNET. UUNET 
has been contacted by BellSouth and they have advised they have 
the identity of the subscriber through his IP address. However, 
UUNET will not release any information to BellSouth, but, they 
will cooperate with the FBI via subpena. UUNET has been contacted 
and they have advised they will accept a faxed subpoena and they 
will also fax the information back. UUNET advised to make 
reference to tracking number UU1148498. 



AUSA has been contacted and advised he will 

obtain a subpoena to get this information and thereafter 
appropriate investigation will be conducted. 







( 01 / 26 / 1998 ) 


FEDERAL BUREAU OF INVESTIGATION 


Precedence : ROUTINE 


To: Washington Field 


Date: 02/09/1999 


Attn: Sq uad C-17 

SA r~ 


i/!From: 


Atlanta 

Squad 11 

Contact: 


SA 



Approved By: 



Drafted By: 
Case ID #: 


Pending) 


Title: 


UNSUB; 

BellSouth.net - Victim, 
AmSouth Bank - Victim; 
Denial of Service Attack 
(00:AT) 



Details: Unsub. attacked the victims with a denial of service 

attack that at- m hnnr.q ranginn firianrial ^ nrl _ 

service damaqe. 













To: Washington Fie ld From: 

Re: II 02/09/1999 


LEAD (S): 
Set Lead 1: 


Atlanta 


WASHINGTON FIELD OFFICE 
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ECFVAOMO 


05/10/00 
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(12/31/1995) 





FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE 


To: Atlanta 


Date: 02/15/1999 


Attn: 


Sq uad 11 
SA 


b6 

b7C 


From: WFO 


Squad C-17, i 

Northern Virginia Resident Agency 

(NVRA) 

Contact: SA 


Approved By: 

Drafted By: 


» 



Case ID #: 
Title: 


b3 

b7E 


UNSUB; 

BellSouth.net - Victim, 
AmSouth Bank - Victim; 
Denial-of-Service Attack; 
00: AT 


Synopsis: 

Enclosures: Subpoena and FD-302 copies for case file. 

anrl_£i&l 


b3 

b6 

b7C 


SA 


1 ( 9 / Q / Q Q) 


set by Ec from AT dated 2/9/1999 to be covere 


7 


WFO considers lead 


♦♦ 
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( 01 / 26 / 1998 ) 



FEDERAL BUREAU OF INVESTIGATION 


Precedence : ROUTINE 

To: Atlanta 

From : At1ant a 

Squad 17 

Contact: ! 


Approved By: 


Date: 06/28/1999 



Drafted By: 
Case ID #:f 



b6 

b7C 


b3 

b7E 


Title: 


UNSUB; 

BellSouth.net - Victim,*— 
AmSouth Bank - Victim, 
Denial of Service Attack 


Synopsis: To report contact with AUSA 



b6 

b7C 


Details: On 6/22/99 AUSA_advised that at this time he 

is considerat ina pros ecuting captioned case. He was previously 
advised by SA I that in order to attempt a successful 

prosection, a Title III w ould probably be necessary in order for 
a ISP, who i s cooperat ing. 

At that time I i took tms under adviseme nt about w netner or 

not the effort would be effective. On 6/22/99 _advised 

that captioned case should remain open and he wanted to explore 
the possibilities of a Title III as well as any other types of 
investigation. 


♦♦ 




177 h up&i ee. 
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FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date: 06/20/2003 

To: Cyber Division Attn: Criminal Computer 

Intrusion Unit 


From: Atlanta 

Approved By: 

Drafted By: I_ 

Case ID #: 1 


b6 

b7C 


b3 

b7E 


Title: UNSUB (S); 

BELLSOUTH.NET - VICTIM; 
AMSOUTH BANK - VICTIM; 
COMPUTER INTRUSION - CRIMINAL 


SUBMISSION: X Initial □ Supplemental X Closed 
CASE OPENED: 01/22/1999 
CASE CLOSED: 05/10/2000 

□ No action due to state/local prosecution (Name/Number_) 

□ USA. declination 

□ -Referred to Another Federal Agency (Name/Number:_) 

□ Placed in unaddressed work 
X Closed administratively 

□ Conviction 

COORDINATION: FBI Field Office _ 

Government Agency _ 

Private Corporation _ 


VICTIM 


Company name/Government agency: BellSouth.net 
Address/location: Atlanta, GA 
Purpose of System: ISP 

Highest classification of information stored in system: Unclassified 







M 



To: Cvber Divisio n From: Atlanta 

Re: Date: 06/20/2003 


b3 

b7E 


System Data: 

Hardware/configuration (CPU): 

Operating System: 

Software: 

Security Features: 

Security Software Installed: □ yes (identify_) □ no 

Logon Warning Banner: □ yes □ no 

INTRUSION INFORMATION 

* 

Access for intrusion: X Internet connection □ dial-up number □ LAN (insider) 

If Internet: Internet address: 

Network name: 


Method: 


Technique(s) used in intrusion: (list provided) 


Path of intrusion: 


Subject: 


Sex: 


Alias(s): 


Group Affiliation: 
Employer:_ 


Known Accomplices: 
Equipment used: 


addresses: 1. 

2. 

3. 

4. 

5. 

country: 1. 

2. 

3. 

4. 

5. • 

facility: 1. 

2. 

3. 

4. 

5. 

Age: 



Race: 



Education: 


Motive: 


Hardware/configuration (CPU): 
Operating System: 

Software: 


Impact: 


Compromise of classified information: □ yes X no 
Estimated number of computers affected: Undetermined 
Estimated dollar loss to date: Undetermined 


2 







,*r' 


* %> 


TO: 
Re: 



Cvh^r D-ivi.q-i on From: Atlanta 

Date: 06/20/2003 



Category of Crime: 

* 

Theft of Information: 

□ Classified information compromised 

□ Unclassified information compromised 

□ Passwords obtained 

□ Computer processing time obtained 

□ Operating software obtained 

Intrusion: 

□ Unauthorized access 

□ Exceeding authorized access 


Impairment: 

□ Malicious code inserted 
X Denial of service 

□ Destruction of information/software 

□ Modification of information/software 

□ Telephone services obtained 

□ Application software obtained 


b3 

b7E 


REMARKS 

BellSouth.net contacted FBI Atlanta and advised that the company 
has been having a string of denial of service attacks affecting 
them as well as one of their clients, AmSouth Bank. The attack 
is coming in the form of a rapid mail spamming, approximately 40 
to 70 messages a minute for several days without stop. 

Investigation failed to develop significant information regarding 
the identity of UNSUB(S). Case was closed administratively. 


♦♦ 


3 








